Comodo Internet Security 6.xx Thread

In CIS 5 the autosandbox was a policy restriction but the on demand sandbox (right click run this program sandboxed) was a true isolation sandbox.

In CIS 6 I don't know if now everything remains the same or the auto sandbox is also a full sandbox, and it includes kiosk (user friendly sandbox)

 

Thanks guest,
I could never get the sandbox element to work although i dont know if running a limited user account had anything to do with this.
What im interested in at the moment is whether the avast issue has been resolved.

 

I was talking about TVL too permissive.

Kiosk is totally virtualized ?

 

The TVL can be removed.

 

Disable TVL: http://forums.comodo.com/defense-sa...-want-to-v5-t62567.0.html;msg441942#msg441942

Yes totally virtualized
http://forums.comodo.com/general-di.../sneak-peek-into-comodo-rd-labs-t84214.0.html

I don't know if you have access to the cis beta forum but here you have all the details of the new sandbox in CIS 6
https://forums.comodo.com/beta-corn...ing-updated-t87412.0.html;msg629600#msg629600

By the way a developer has said that the issue discussed here was already fixed.

 

I personally commend you, Shaoran, for bringing this vulnerability to everyones attention instead of maybe using it for nefarious purposes... in the true spirit of ethical hacking. Comodo should PAY you for making their product better.

And I agree with Kees. The thought of killing it with it's own installer brought a smile to my face as well.

Thank you also for pointing out yet another good reason to just remove that trusted vendor list altogether. It's supposed to add "convenience", but I personally find gaping security holes decidedly inconvenient. To me that list defeats the entire purpose of having D+ to begin with.

 

As Shaoran said he does not discover vulnerabilities to report them, according to him he does not have time, but he can spend hours to find them, I guess he makes a different use of the bugs that he discover.

The TVL has nothing to do with this, if you make trusted IE (without TVL) the effect is the same. But make an app trust does not mean that can do anything. The alternative use the paranoid mode.
To allow that, you need to allow 3 warnings from IE, nothinig protects you against stupidity, if you uninstall comodo manually you are also unprotected and requires less clicks...
Nothing can happens if the browser is sandboxed
Only affects to IE
If this is really possible the less important thing is that you can uninstall comodo.
It has to be personalize for a CIS installation
And a CIS developer says that this was already fixed, and they know about this and right now are working in CIS 6 beta

http://forums.comodo.com/news-annou...st-a-script-t88594.0.html;msg639801#msg639801

 

Can't we modify rules in défense+ to avoïd too permissives rules ?
Which differences between proactive and IS please ? I don't want paranoïd mode, i use securised mode.

 

Here are the differences explained
http://help.comodo.com/topic-72-1-170-1704-comodo-preset-configurations.html
I always use proactive, and IMO should be the default because the popups are also minimal.

 

"Proactive Security" configuration is the most secure.

 

Yep, but no more pop-ups than IS ?

 

Yes, but I think you won't notice the difference, or maybe yes but I mean does not end being annoying, It's not like the paranoid mode at all. And after a week or so like it happens with the IS preset CIS is almost silent.

 

I'll give it a try. Thanks.

 

I like the idea of lockdown mode in ExeRadar Pro. If I first run HIPS in "Safe" or "Clean PC" mode with checked "Create rules for safe applications". Then after routine using of all programs on the computer make HIPS in "Paranoid Mode", and check "Do NOT show popup alerts" and choose "Block requests". Will it be the same "lockdown mode" for CIS?

 

I think you should also disable TVL and cloud lookup.

 

Thanx, that a good idea. Then what about disabling sandbox? In this "lockdown" mode it must be unnecessary.

 

It's going to be as lockdown as it can get. I did this for a repeat client that kept bringing back his desktop infected. I ditched MSE and added CIS. I then placed it in proactive, set it to paranoid and switched off all alerts for D+ and the AV. It's automatically set to quarantine any threats and D+ is set to block and shouldn't make a peep. I'm hoping that will keep him out of trouble.

 

the AV. It's automatically set to quarantine any threats
danger for any false positive it can send legit files to quarentine

 

Better to quarantine than to delete.
You can restore it after confirmed to be FP.
If you want AV popup, just uncheck "Do not show..." option in AV scanner settings.

 

I haven't had many false positives with the AV so I'm not worried. Worse case is that it holds a system file ransom.

 

Yeah that's the way I feel about it siketa. I'd rather not have this guy seeing any pop ups and just have him wondering why he can't run something. He's the type of client that clicks on every email link, pop up on a porn site. I'm hoping that CIS works out for him. I don't mind charging him every time he brings his machine to me but it takes a while to clean. Twice in one week is too much.

 

What a pathetic beta test from COMODO. First they mess up BETA2 to an extent that it's unusable, they remove the download link, they don't provide any updated beta and they don't say a word about it for 2 weeks now. Thats not how you do beta testing for crying out loud. And whats even worse, stupid mods keep on "calming us down" with words that Comodo is doing everything and that they care. How can you possibly know that if they (the devs) haven't commented anything for 2 weeks!? If they'd care even a bit, someone from devs would take 10 seconds of his time and post what the hell is going on. But if you can't take 10 seconds to do that, then you just plain don't care about the entire beta test, the program that you're making or the users who are taking their own time to test your software.

And whats even funny, well it actually borders to sad but oh well, instead of mods taking an initiative to call for devs attention, they instead want to make you look like you're the only annoying idiotic user who wants some answers after 2 weeks of ~Phrase removed~ silence. Apparently they still don't get it that doing so is not helping anyone. But they seem to know it better than me because they have the "Moderator" badge. Heh, fools...

 

That will Teach Them

 

No it won't. Because it's the same every single time i get back to them.

 

Yes, I saw you where questioning why on EARTH it no UP, and they were going to do "disciplinary action". But you are speaking for the hundreds